# Encryption of PHP - PHP

Encryption is the process of transforming information to and from an unreadable format. Some algorithms simply scramble text; others allow for reversing the process. PHP offers a wrapper to C's crypt function, plus an extension that wraps the mcrypt library. The mcrypt functions rely on a library of the same name written by Nikos Mavroyanopoulos, which provides an advanced system for encrypting data.Sascha Schumann added mycrypt functionality to PHP.

Cryptography is a topic beyond the scope of this text. Some concepts discussed in this section require familiarity with advanced cryptographic theories. A great place to start learning about cryptography is the FAQ file for the sci.crypt Usenet newsgroup. . Another resource is a book Prentice Hall publishes called Cryptography and Network Security: Principles and Practice by William Stallings. The PHP manual suggests Applied Cryptography by Bruce Schneier.

string crypt(string text, string salt)
The crypt function encrypts a string using C's crypt function, which usually uses standard DES encryption, but depends on your operating system. The text argument is returned encrypted. The salt argument is optional. PHP will create a random salt value if one is not provided. You may wish to read the man page on crypt to gain a better understanding.

Note that data encrypted with the crypt function cannot be decrypted. The function is usually used to encrypt a password that is saved for when authorization is necessary. At that time, the password is asked for, encrypted, and compared to the previously encrypted password.

Depending on your operating system, alternatives to DES encryption may be available. The salt argument is used to determine which algorithm to use. A two-character salt is used for standard DES encryption. A nine-character salt specifies extended DES. A twelve-character salt specifies MD5 encryption. And a sixteen-character salt specifies the blowfish algorithm.

When PHP is compiled, available algorithms are incorporated. The following constants will hold TRUE or FALSE values you can use to determine the availability of the four algorithms: CRYPT_STD_DES, CRYPT_EXT_DES, CRYPT_MD5, CRYPT_BLOWFISH.

<?
$password = "secret"; if(CRYPT_MD5) {$salt = "leonatkinson";
print("Using MD5: ");
}
else
{
$salt = "cp"; print("Using Standard DES: "); } print(crypt($password, $salt)); ?> string mcrypt_create_iv(integer size, integer source) Use mcrypt_create_iv to create an initialization vector. The size should match the encryption algorithm and should be set using mcrypt_get_block_size. The source argument can be one of three constants. MCRYPT_DEV_RANDOM uses random numbers from /dev/random. MCRYPT_DEV_URANDOM uses random numbers from /dev/urandom. MCRYPT_RAND uses random numbers from the rand function, which means you ought to seed it first with srand. string mcrypt_cbc(integer algorithm, string key, string data, integer mode, string initialization_vector) The mcrypt_cbc function encrypts a string using cipher block chaining. This method is best suited to encrypting whole files. The algorithm argument is one of the constants listed. The mode argument can be either MCRYPT_DECRYPT or MCRYPT_ENCRYPT. An initialization vector is optional. Remember that if you encrypt using one, you must use the same one to decrypt. <? //set up test data$message = "This message is sensitive.";
$key = "secret"; //encrypt message$code = mcrypt_ofb(MCRYPT_BLOWFISH_128, $key,$message, MCRYPT_ENCRYPT);
//pring decrypted message
print(mcrypt_ofb(MCRYPT_BLOWFISH_128, $key,$code,
MCRYPT_ DECRYPT));
?>

mcrypt_cfb(integer algorithm, string key, string data, integer mode, string initialization_vector)
The mcrypt_cfb function encrypts a string using cipher feedback. This method is best suited to encrypting streams. However, PHP's mcrypt interface does not support stream ciphers at the time of this writing. The algorithm argument is one of the constants listed. The mode argument can be either MCRYPT_DECRYPT or MCRYPT_ENCRYPT. An initialization vector is required. You must use the same one to decrypt.

mcrypt_ecb(integer algorithm, string key, string data, integer mode)
The mcrypt_ecb function encrypts a string using the electronic codebook method, which is good for encryption of short, irregular data. The algorithm argument is one of the constants listed. The mode argument can be either MCRYPT_DECRYPT or MCRYPT_ENCRYPT.

<?
//set up test data
$message = "This message is sensitive.";$key = "secret";
//encrypt message
$code = mcrypt_cbc(MCRYPT_BLOWFISH_128,$key,
$message, MCRYPT_ENCRYPT); //pring decrypted message print(mcrypt_cbc(MCRYPT_BLOWFISH_128,$key, $code, MCRYPT_DECRYPT)); ?> integer mcrypt_get_block_size(integer algorithm) Use mcrypt_get_block_size to find the block size for a given encryption algorithm. Use one of the constants listed. See mcrypt_ get_cipher_name for an example of use. string mcrypt_get_cipher_name(integer algorithm) Use mcrypt_get_cipher_name to get the name of an encryption algorithm. Use one of the constants listed. <? //create array of encryption algorithms$algorithm = array(
3DES, 3WAY, BLOWFISH_128, BLOWFISH_192,
BLOWFISH_256,
BLOWFISH_448, CAST_128, CAST_256, DES,
GOST, IDEA, LOKI97,
RC2_1024, RC2_128, RC2_256, RC4, RC6_128,
RC6_192, RC6_256,
RIJNDAEL_128, RIJNDAEL_192, RIJNDAEL_256,
SAFERPLUS,
SAFER_128, SAFER_64, SERPENT_128,
SERPENT_192, SERPENT_256,
TWOFISH_128, TWOFISH_192, TWOFISH_256,
XTEA);
print("<TABLE BORDER="1">n");
print("<TR>n");
print("<TH>Name</TH>n");
print("<TH>Block Size</TH>n");
print("<TH>Key Size<TH>n");
print("</TR>n");
//loop over each one
foreach($algorithm as$value)
{
print("<TR>n");
print("<TD>" .
mcrypt_get_cipher_name($value) . "</TD>"); print("<TD>" . mcrypt_get_block_size($value) . "</TD>");
print("<TD>" . mcrypt_get_key_size($value) . "</TD>"); print("</TR>n"); } print("</TABLE>n"); ?> integer mcrypt_get_key_size(integer algorithm) Use mcrypt_get_key_size to find the key size for a given encryption algorithm. Use one of the constants listed. See mcrypt_get_cipher_name for an example of use. mcrypt_ofb(integer algorithm, string key, string data, integer mode, string initialization_vector) The mcrypt_ofb function encrypts a string using output feedback. This method is another method suited to stream ciphers. The algorithm argument is one of the constants listed. The mode argument can be either MCRYPT_DECRYPT or MCRYPT_ENCRYPT. An initialization vector is required. You must use the same one to decrypt. <? //set up test data$message = "This message is sensitive.";
$key = "secret";$iv = mcrypt_create_iv(
mcrypt_get_block_size(MCRYPT_BLOWFISH_128),
MCRYPT_DEV_RANDOM);
//encrypt message
$code = mcrypt_ofb(MCRYPT_BLOWFISH_128,$key,
$message, MCRYPT_ENCRYPT,$iv);
//pring decrypted message
print(mcrypt_ofb(MCRYPT_BLOWFISH_128, $key,$code,
MCRYPT_DECRYPT, \$iv)); ?>